This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
46
Updates / Re: Vulnerabilities in Apache 2.4.66 and older versions
« on: May 09, 2026, 04:54:03 PM »
If anyone needs help doing the update, we created a KB article at:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-apache-to-2-4-67-in-cwp-on-almalinux-8-9/
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-apache-to-2-4-67-in-cwp-on-almalinux-8-9/
47
Installation / Re: Copy Fail (CVE-2026-31431) Patches Released
« on: May 08, 2026, 12:39:18 AM »
This is why everyone needs to keep the base OS up2date.
This CVE related to the base OS Kernel for all Linux OS's out there, not just AlmaLinux.
Thankfully all of AlmaLinux's mirrors had the update ready to download by 2026-05-05
It affected AL8, AL9, and AL10.
This CVE related to the base OS Kernel for all Linux OS's out there, not just AlmaLinux.
Thankfully all of AlmaLinux's mirrors had the update ready to download by 2026-05-05
It affected AL8, AL9, and AL10.
48
Other / To all the CWP nay sayers, cPanel has a MASSIVE CVE making it unusable
« on: May 01, 2026, 12:26:22 AM »
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
And the workaround blocks ALL logins:
And the workaround blocks ALL logins:
Quote
In the meantime, using a firewall to block access to TCP ports 2083/2087 will prevent unauthorized access, but would also restrict all other access to the control panel as well.
51
Mod_Security / Re: After installing Mod Security, Apache cannot start
« on: April 04, 2026, 03:53:17 PM »
For some reason when you install ModSecurity, line 2 of /usr/local/apache/conf.d/mod_security.conf needs to be manually fixed.
By Default is only has:
You need to edit it, say the whole line says:
Save, and then start Apache.
By Default is only has:
Code: [Select]
LoadFile /usr/lib64/You need to edit it, say the whole line says:
Code: [Select]
LoadFile /usr/lib64/liblua-5.4.soSave, and then start Apache.
52
CentOS 9 Problems / Re: EL9 recent update casusing boot issue
« on: April 02, 2026, 06:18:17 PM »Its on VM. Startup RAM was 1GB. But allocated RAM is 20GB+
Interesting...
I've installed CWP with AL9 on a single AMD vCPU with 1GB before.
53
MySQL / Re: Allow Remote Access to MariaDB Database
« on: March 30, 2026, 01:48:51 PM »
I was just correcting your multiple assertions in your posts, that it was "common place" to open up the MariaDB port to outside attacks...
That was a false statement, as it is NOT "common place". If it was, it would be the default setting.
And ONLY stated that the DEFAULT security setting on CWP, CyberPanel, HestiaCP, cPanel, and ALL other panels on installation, is that it is set to localhost only automatically.
That was a false statement, as it is NOT "common place". If it was, it would be the default setting.
And ONLY stated that the DEFAULT security setting on CWP, CyberPanel, HestiaCP, cPanel, and ALL other panels on installation, is that it is set to localhost only automatically.
54
CentOS 9 Problems / Re: EL9 recent update casusing boot issue
« on: March 29, 2026, 07:56:37 AM »Thanks for all suggestion. But i found the solution.
after debugging i found that it is cased by memory. as its on VM. i update the start memory size to 2GB and the problem was resolved.
Thanks again. hope it might help someone.
Just curious how much RAM it had?
I've run AlmaLinux 8 on a server with 512MB before.
55
MySQL / Re: Allow Remote Access to MariaDB Database
« on: March 27, 2026, 11:51:44 PM »
GO use ANY other control panel, including freeware and COMMERCIAL WILL have MariaDB/MySQL on port 3306 locked down to localhost only.
We are back to basic cyber security 101.
And back to you stating it's "common place", which it is not.
If it was all the control panels would have it open, which again they do not due to security.
Yes, more advanced users who want to run clusters or load balancing would.
And would be running proxies directing traffic to workers, who in turn would connect to the database server via a private network in the background.
You also really would not be running a control panel at that point, and just a raw OS.
If you aren't running dnf update to keep your servers updated and secure, that is one job of a sys admin and/or a cyber security person.
That is not a waste of time.
Or you can even automate it, which could be a system script that could be run locally or via ansible.
You can't argue your way is correct and "common place", when all the control panels defaults say and do the opposite...
There is no right or wrong way.
Just the default and custom application of what you are doing with the server(s).
We are back to basic cyber security 101.
And back to you stating it's "common place", which it is not.
If it was all the control panels would have it open, which again they do not due to security.
Yes, more advanced users who want to run clusters or load balancing would.
And would be running proxies directing traffic to workers, who in turn would connect to the database server via a private network in the background.
You also really would not be running a control panel at that point, and just a raw OS.
If you aren't running dnf update to keep your servers updated and secure, that is one job of a sys admin and/or a cyber security person.
That is not a waste of time.
Or you can even automate it, which could be a system script that could be run locally or via ansible.
You can't argue your way is correct and "common place", when all the control panels defaults say and do the opposite...
There is no right or wrong way.
Just the default and custom application of what you are doing with the server(s).
56
MySQL / Re: Allow Remote Access to MariaDB Database
« on: March 26, 2026, 07:05:32 PM »
@Andrew C
CWP's last release was on 2026-03-18 for patches & bug fixes.
Before that it was on 2026-02-18 & 2026-02-02.
They release patches about as often as other control panels.
But what's nice with CWP, the apps update their own versions, this helps keep CWP secure, as CWP only has to worry about 4 ports for the CWP interface.
Only one that really has to be done manually is Roundcube.
And with MariaDB, I was looking at your line "It is common practice to remote connect to MariaDB with advanced admin tools to manage the database."
From what I have seen, it is not common to remote connect to MariaDB.
Most users use scripts that are located on the same server.
Opening port 3306, is opening a security hole on the server, as it it is opening any port.
See, I see you use, 'common practice' and the 'advanced admin tools' in the same sentence.
Those 2 don't really go together, as only a small rare portion would ever use 'advanced admin tools'.
It's not even common for users to ever use phpMyAdmin.
Usually at that point they would open a support ticket.
CWP's last release was on 2026-03-18 for patches & bug fixes.
Before that it was on 2026-02-18 & 2026-02-02.
They release patches about as often as other control panels.
But what's nice with CWP, the apps update their own versions, this helps keep CWP secure, as CWP only has to worry about 4 ports for the CWP interface.
Only one that really has to be done manually is Roundcube.
And with MariaDB, I was looking at your line "It is common practice to remote connect to MariaDB with advanced admin tools to manage the database."
From what I have seen, it is not common to remote connect to MariaDB.
Most users use scripts that are located on the same server.
Opening port 3306, is opening a security hole on the server, as it it is opening any port.
See, I see you use, 'common practice' and the 'advanced admin tools' in the same sentence.
Those 2 don't really go together, as only a small rare portion would ever use 'advanced admin tools'.
It's not even common for users to ever use phpMyAdmin.
Usually at that point they would open a support ticket.
57
Information / Re: Modernizing CWP: Drop EOL, Support AL9, AL10 & Rocky
« on: March 26, 2026, 06:40:20 PM »I switched to KeyHelp panel because I no longer trust CWP. It works very stably.
Looks like they took the open source HestiaCP and just did some name changes, and made a 'Pro' version for 9€
Even only works on Ubuntu and Debian.
58
MySQL / Re: Allow Remote Access to MariaDB Database
« on: March 25, 2026, 09:57:56 PM »
In one sentence you say database access Should Be Public, but then you say you restrict access.
All control panels limit database access to only localhost be default, not just CWP. That is basic cyber security 101.
CWP has nothing to do with MariaDB. 2 different developers.
If you have the MariaDB.repo setup, then any updates & security patches will be applied.
All control panels limit database access to only localhost be default, not just CWP. That is basic cyber security 101.
CWP has nothing to do with MariaDB. 2 different developers.
If you have the MariaDB.repo setup, then any updates & security patches will be applied.
59
Information / Re: Past Due Changelogs
« on: March 19, 2026, 07:44:34 PM »Yes its great news that change logs are being published once again. Long may it continue.
However you need to analyse the dates of the updates which I assume are accurate.
In 2023 there were regular monthly updates, sometimes two per month.
In 2024 there were only two updates.
In 2025 there were only two updates.
And in 2026 we have the first update.
What happened to regular monthly updates to fix and enhance CWP especially on AlmaLinux 9.x and 10.x ? Please discontinue support on EOL operating systems and focus on the new.
Thanks
I agree, they need to drop support for the Past EOL CentOS 7.
Once they do that, the limitations for AL9 and hopefully AL10 will be gone.
Including getting rid of PHP 7.4/8.0 as the base version cwpsrv uses.
I understand the problem with PHP 8.4, since that org (PHP) removed several packages and now you have to use PECL to install them.
60
CSF Firewall / Re: Cannot enable Firewall
« on: March 17, 2026, 10:53:10 PM »
Please advise the following:
What distro are you running CWP on?
New or Existing installation?
What csf version? [csf -v]
What distro are you running CWP on?
New or Existing installation?
What csf version? [csf -v]

